[Snort-users] Snort Reporting and Capture

Michael xeon at ...8041...
Thu Jan 23 00:11:04 EST 2003


Hello everyone,

I'm new to snort and would like to get your valuable feedback on some of 
the utilities that are out there that can help me manage and view snort 
results as they are captured.

What I'm really looking for first of all is a utility that can capture 
the alerts and warnings, displaying them either through a web interface 
and/or its own UI.  I would also like to know of any utilities that may 
be out there that help with snort configuration, such as changes you 
would like to add or help with adding new rules etc., that may be available.

Here is a brief description of my setup; I would appreciate any 
feedback you all could provide that may be best for my particular case.

I'm running a single FreeBSD machine with multiple IPs (total of five). 
From this machine I run a webserver and also IRC related 
programs/processes.  This machine acts as its own gateway and firewall 
and I would like to add snort to monitor all the traffic to and from this 
machine.

What would you recommend as the best setup with this type of layout that 
would provide an easy way to constantly monitor the traffic as stated above?

Any and all feedback is welcome.

Thanks for your time in advance,

Michael




